arachni 0.4.3.2 → 0.4.4
- checksums.yaml +8 -8
- data/CHANGELOG.md +42 -0
- data/README.md +4 -1
- data/lib/arachni/element/capabilities/auditable.rb +5 -0
- data/lib/arachni/element/capabilities/auditable/rdiff.rb +105 -122
- data/lib/arachni/framework.rb +4 -1
- data/lib/arachni/http.rb +9 -10
- data/lib/arachni/mixins/progress_bar.rb +1 -1
- data/lib/arachni/options.rb +16 -0
- data/lib/arachni/rpc/server/active_options.rb +1 -1
- data/lib/arachni/ui/cli/utilities.rb +4 -0
- data/lib/arachni/uri.rb +2 -1
- data/lib/version +1 -1
- data/modules/audit/code_injection_php_input_wrapper.rb +76 -0
- data/modules/audit/path_traversal.rb +23 -13
- data/modules/audit/rfi.rb +4 -3
- data/modules/audit/source_code_disclosure.rb +138 -0
- data/modules/audit/sqli_blind_rdiff.rb +16 -13
- data/modules/audit/sqli_blind_rdiff/payloads.txt +5 -5
- data/modules/recon/grep/form_upload.rb +61 -0
- data/modules/recon/htaccess_limit.rb +6 -3
- data/modules/recon/x_forwarded_for_access_restriction_bypass.rb +55 -0
- data/plugins/http_dicattack.rb +5 -8
- data/plugins/redundant_vectors.rb +34 -0
- data/reports/html/default/issues.erb +7 -22
- data/reports/stdout.rb +3 -3
- data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb +3 -2
- data/spec/arachni/http_spec.rb +27 -1
- data/spec/modules/audit/path_traversal_spec.rb +2 -2
- data/spec/modules/audit/rfi_spec.rb +1 -1
- data/spec/modules/audit/source_code_disclosure_spec.rb +24 -0
- data/spec/modules/recon/grep/form_upload_spec.rb +19 -0
- data/spec/modules/recon/x_forwarded_for_access_restriction_bypass_spec.rb +19 -0
- data/spec/plugins/http_dicattack_spec.rb +3 -3
- data/spec/support/servers/arachni/element/capabilities/auditable/rdiff.rb +3 -1
- data/spec/support/servers/modules/audit/path_traversal.rb +12 -6
- data/spec/support/servers/modules/audit/source_code_disclosure.rb +96 -0
- data/spec/support/servers/modules/audit/sqli_blind_rdiff.rb +2 -11
- data/spec/support/servers/modules/recon/grep/form_upload.rb +9 -0
- data/spec/support/servers/modules/recon/x_forwarded_for_access_restriction_bypass.rb +16 -0
- data/spec/support/shared/element/capabilities/auditable.rb +22 -1
- metadata +19 -452
- data/spec/support/logs/Dispatcher - 1000-42597.log +0 -9
- data/spec/support/logs/Dispatcher - 1009-18926.log +0 -9
- data/spec/support/logs/Dispatcher - 1018-26020.log +0 -9
- data/spec/support/logs/Dispatcher - 1027-51590.log +0 -9
- data/spec/support/logs/Dispatcher - 1036-31265.log +0 -11
- data/spec/support/logs/Dispatcher - 1049-64968.log +0 -9
- data/spec/support/logs/Dispatcher - 1059-36177.log +0 -9
- data/spec/support/logs/Dispatcher - 1119-32736.log +0 -63
- data/spec/support/logs/Dispatcher - 1128-64822.log +0 -43
- data/spec/support/logs/Dispatcher - 1137-33870.log +0 -39
- data/spec/support/logs/Dispatcher - 1146-57070.log +0 -34
- data/spec/support/logs/Dispatcher - 1155-1976.log +0 -28
- data/spec/support/logs/Dispatcher - 1166-7613.log +0 -21
- data/spec/support/logs/Dispatcher - 1176-38750.log +0 -13
- data/spec/support/logs/Dispatcher - 1186-13313.log +0 -9
- data/spec/support/logs/Dispatcher - 1328-54360.log +0 -19
- data/spec/support/logs/Dispatcher - 1338-50709.log +0 -21
- data/spec/support/logs/Dispatcher - 1347-36899.log +0 -15
- data/spec/support/logs/Dispatcher - 1362-31178.log +0 -19
- data/spec/support/logs/Dispatcher - 1374-11925.log +0 -21
- data/spec/support/logs/Dispatcher - 1384-20223.log +0 -15
- data/spec/support/logs/Dispatcher - 1575-41606.log +0 -17
- data/spec/support/logs/Dispatcher - 1585-60468.log +0 -21
- data/spec/support/logs/Dispatcher - 1594-55347.log +0 -13
- data/spec/support/logs/Dispatcher - 1607-32309.log +0 -19
- data/spec/support/logs/Dispatcher - 1616-38493.log +0 -21
- data/spec/support/logs/Dispatcher - 1625-44887.log +0 -15
- data/spec/support/logs/Dispatcher - 1677-56065.log +0 -17
- data/spec/support/logs/Dispatcher - 1686-61752.log +0 -21
- data/spec/support/logs/Dispatcher - 1698-55714.log +0 -13
- data/spec/support/logs/Dispatcher - 1711-14301.log +0 -17
- data/spec/support/logs/Dispatcher - 1720-52378.log +0 -21
- data/spec/support/logs/Dispatcher - 1729-22756.log +0 -13
- data/spec/support/logs/Dispatcher - 2016-10522.log +0 -19
- data/spec/support/logs/Dispatcher - 2025-12440.log +0 -21
- data/spec/support/logs/Dispatcher - 2034-6928.log +0 -15
- data/spec/support/logs/Dispatcher - 2058-54432.log +0 -21
- data/spec/support/logs/Dispatcher - 2067-19379.log +0 -25
- data/spec/support/logs/Dispatcher - 2076-43318.log +0 -15
- data/spec/support/logs/Dispatcher - 2112-16482.log +0 -17
- data/spec/support/logs/Dispatcher - 2121-7790.log +0 -21
- data/spec/support/logs/Dispatcher - 2130-18423.log +0 -13
- data/spec/support/logs/Dispatcher - 2145-13060.log +0 -21
- data/spec/support/logs/Dispatcher - 2154-42433.log +0 -25
- data/spec/support/logs/Dispatcher - 2163-55198.log +0 -15
- data/spec/support/logs/Dispatcher - 2199-19221.log +0 -17
- data/spec/support/logs/Dispatcher - 2208-27404.log +0 -21
- data/spec/support/logs/Dispatcher - 2217-34366.log +0 -13
- data/spec/support/logs/Dispatcher - 2230-52868.log +0 -17
- data/spec/support/logs/Dispatcher - 2239-1425.log +0 -21
- data/spec/support/logs/Dispatcher - 2248-34228.log +0 -13
- data/spec/support/logs/Dispatcher - 23550-62617.log +0 -9
- data/spec/support/logs/Dispatcher - 23577-56565.log +0 -21
- data/spec/support/logs/Dispatcher - 23734-28957.log +0 -9
- data/spec/support/logs/Dispatcher - 23744-12387.log +0 -19
- data/spec/support/logs/Dispatcher - 23753-8683.log +0 -17
- data/spec/support/logs/Dispatcher - 23762-7032.log +0 -13
- data/spec/support/logs/Dispatcher - 23771-13735.log +0 -9
- data/spec/support/logs/Dispatcher - 23780-6422.log +0 -9
- data/spec/support/logs/Dispatcher - 23789-37971.log +0 -11
- data/spec/support/logs/Dispatcher - 23802-4861.log +0 -11
- data/spec/support/logs/Dispatcher - 23815-27068.log +0 -35
- data/spec/support/logs/Dispatcher - 23900-13978.log +0 -21
- data/spec/support/logs/Dispatcher - 23928-16013.log +0 -21
- data/spec/support/logs/Dispatcher - 23952-10950.log +0 -23
- data/spec/support/logs/Dispatcher - 24002-6528.log +0 -19
- data/spec/support/logs/Dispatcher - 24011-65281.log +0 -17
- data/spec/support/logs/Dispatcher - 24020-51743.log +0 -15
- data/spec/support/logs/Dispatcher - 24033-26547.log +0 -11
- data/spec/support/logs/Dispatcher - 24046-57891.log +0 -9
- data/spec/support/logs/Dispatcher - 24055-65062.log +0 -9
- data/spec/support/logs/Dispatcher - 24064-19057.log +0 -9
- data/spec/support/logs/Dispatcher - 24073-54430.log +0 -9
- data/spec/support/logs/Dispatcher - 24082-25596.log +0 -11
- data/spec/support/logs/Dispatcher - 24095-43694.log +0 -9
- data/spec/support/logs/Dispatcher - 24104-17121.log +0 -9
- data/spec/support/logs/Dispatcher - 24158-40106.log +0 -63
- data/spec/support/logs/Dispatcher - 24167-21385.log +0 -43
- data/spec/support/logs/Dispatcher - 24176-6454.log +0 -39
- data/spec/support/logs/Dispatcher - 24185-5125.log +0 -34
- data/spec/support/logs/Dispatcher - 24194-57640.log +0 -28
- data/spec/support/logs/Dispatcher - 24203-3500.log +0 -21
- data/spec/support/logs/Dispatcher - 24212-26331.log +0 -13
- data/spec/support/logs/Dispatcher - 24222-65421.log +0 -9
- data/spec/support/logs/Dispatcher - 24764-27994.log +0 -19
- data/spec/support/logs/Dispatcher - 24774-32543.log +0 -21
- data/spec/support/logs/Dispatcher - 24783-19136.log +0 -15
- data/spec/support/logs/Dispatcher - 24796-60141.log +0 -19
- data/spec/support/logs/Dispatcher - 24805-24219.log +0 -21
- data/spec/support/logs/Dispatcher - 24814-22343.log +0 -15
- data/spec/support/logs/Dispatcher - 24933-3408.log +0 -17
- data/spec/support/logs/Dispatcher - 24942-62948.log +0 -21
- data/spec/support/logs/Dispatcher - 24951-32294.log +0 -13
- data/spec/support/logs/Dispatcher - 24964-62518.log +0 -19
- data/spec/support/logs/Dispatcher - 24973-13438.log +0 -21
- data/spec/support/logs/Dispatcher - 24982-14621.log +0 -15
- data/spec/support/logs/Dispatcher - 25033-2920.log +0 -17
- data/spec/support/logs/Dispatcher - 25043-58761.log +0 -21
- data/spec/support/logs/Dispatcher - 25052-29212.log +0 -13
- data/spec/support/logs/Dispatcher - 25066-41541.log +0 -17
- data/spec/support/logs/Dispatcher - 25075-37989.log +0 -21
- data/spec/support/logs/Dispatcher - 25084-11499.log +0 -13
- data/spec/support/logs/Dispatcher - 25311-26011.log +0 -19
- data/spec/support/logs/Dispatcher - 25320-24733.log +0 -21
- data/spec/support/logs/Dispatcher - 25329-29047.log +0 -15
- data/spec/support/logs/Dispatcher - 25353-46711.log +0 -21
- data/spec/support/logs/Dispatcher - 25362-36226.log +0 -25
- data/spec/support/logs/Dispatcher - 25371-56232.log +0 -15
- data/spec/support/logs/Dispatcher - 25407-3246.log +0 -17
- data/spec/support/logs/Dispatcher - 25416-34890.log +0 -21
- data/spec/support/logs/Dispatcher - 25425-15634.log +0 -13
- data/spec/support/logs/Dispatcher - 25438-34664.log +0 -21
- data/spec/support/logs/Dispatcher - 25447-3660.log +0 -25
- data/spec/support/logs/Dispatcher - 25456-8081.log +0 -15
- data/spec/support/logs/Dispatcher - 25492-10542.log +0 -17
- data/spec/support/logs/Dispatcher - 25501-45084.log +0 -21
- data/spec/support/logs/Dispatcher - 25510-35194.log +0 -13
- data/spec/support/logs/Dispatcher - 25519-53450.log +0 -17
- data/spec/support/logs/Dispatcher - 25532-55565.log +0 -21
- data/spec/support/logs/Dispatcher - 25541-6244.log +0 -13
- data/spec/support/logs/Dispatcher - 28179-60102.log +0 -9
- data/spec/support/logs/Dispatcher - 28206-59109.log +0 -21
- data/spec/support/logs/Dispatcher - 28347-64968.log +0 -9
- data/spec/support/logs/Dispatcher - 28357-36177.log +0 -19
- data/spec/support/logs/Dispatcher - 28366-50815.log +0 -17
- data/spec/support/logs/Dispatcher - 28375-20163.log +0 -13
- data/spec/support/logs/Dispatcher - 28384-40303.log +0 -9
- data/spec/support/logs/Dispatcher - 28393-26451.log +0 -9
- data/spec/support/logs/Dispatcher - 28402-18767.log +0 -11
- data/spec/support/logs/Dispatcher - 28415-56936.log +0 -11
- data/spec/support/logs/Dispatcher - 28428-4219.log +0 -35
- data/spec/support/logs/Dispatcher - 28489-21241.log +0 -21
- data/spec/support/logs/Dispatcher - 28498-4440.log +0 -21
- data/spec/support/logs/Dispatcher - 28507-56565.log +0 -23
- data/spec/support/logs/Dispatcher - 28548-64105.log +0 -19
- data/spec/support/logs/Dispatcher - 28557-9265.log +0 -17
- data/spec/support/logs/Dispatcher - 28566-60378.log +0 -15
- data/spec/support/logs/Dispatcher - 28580-47697.log +0 -11
- data/spec/support/logs/Dispatcher - 28593-45818.log +0 -9
- data/spec/support/logs/Dispatcher - 28603-24718.log +0 -9
- data/spec/support/logs/Dispatcher - 28612-10811.log +0 -9
- data/spec/support/logs/Dispatcher - 28621-30580.log +0 -9
- data/spec/support/logs/Dispatcher - 28642-14288.log +0 -11
- data/spec/support/logs/Dispatcher - 28657-46406.log +0 -9
- data/spec/support/logs/Dispatcher - 28666-48831.log +0 -9
- data/spec/support/logs/Dispatcher - 28723-34387.log +0 -63
- data/spec/support/logs/Dispatcher - 28732-54101.log +0 -43
- data/spec/support/logs/Dispatcher - 28741-5251.log +0 -39
- data/spec/support/logs/Dispatcher - 28750-8280.log +0 -34
- data/spec/support/logs/Dispatcher - 28759-38308.log +0 -28
- data/spec/support/logs/Dispatcher - 28768-65028.log +0 -21
- data/spec/support/logs/Dispatcher - 28777-56986.log +0 -13
- data/spec/support/logs/Dispatcher - 28787-15576.log +0 -9
- data/spec/support/logs/Dispatcher - 28994-50422.log +0 -19
- data/spec/support/logs/Dispatcher - 29004-46776.log +0 -21
- data/spec/support/logs/Dispatcher - 29013-21266.log +0 -15
- data/spec/support/logs/Dispatcher - 29026-3603.log +0 -19
- data/spec/support/logs/Dispatcher - 29035-17800.log +0 -21
- data/spec/support/logs/Dispatcher - 29044-7103.log +0 -15
- data/spec/support/logs/Dispatcher - 29165-63459.log +0 -17
- data/spec/support/logs/Dispatcher - 29174-14377.log +0 -21
- data/spec/support/logs/Dispatcher - 29183-49752.log +0 -13
- data/spec/support/logs/Dispatcher - 29196-55000.log +0 -19
- data/spec/support/logs/Dispatcher - 29205-33060.log +0 -21
- data/spec/support/logs/Dispatcher - 29214-62279.log +0 -15
- data/spec/support/logs/Dispatcher - 29269-40689.log +0 -17
- data/spec/support/logs/Dispatcher - 29278-10110.log +0 -21
- data/spec/support/logs/Dispatcher - 29288-55076.log +0 -13
- data/spec/support/logs/Dispatcher - 29301-13242.log +0 -17
- data/spec/support/logs/Dispatcher - 29310-21310.log +0 -21
- data/spec/support/logs/Dispatcher - 29319-62724.log +0 -13
- data/spec/support/logs/Dispatcher - 29568-37063.log +0 -19
- data/spec/support/logs/Dispatcher - 29577-56333.log +0 -21
- data/spec/support/logs/Dispatcher - 29586-49998.log +0 -15
- data/spec/support/logs/Dispatcher - 29611-63916.log +0 -21
- data/spec/support/logs/Dispatcher - 29620-29551.log +0 -25
- data/spec/support/logs/Dispatcher - 29629-49377.log +0 -15
- data/spec/support/logs/Dispatcher - 29665-40270.log +0 -17
- data/spec/support/logs/Dispatcher - 29674-61313.log +0 -21
- data/spec/support/logs/Dispatcher - 29683-33859.log +0 -13
- data/spec/support/logs/Dispatcher - 29696-38359.log +0 -21
- data/spec/support/logs/Dispatcher - 29705-30896.log +0 -25
- data/spec/support/logs/Dispatcher - 29714-17665.log +0 -15
- data/spec/support/logs/Dispatcher - 29752-63853.log +0 -17
- data/spec/support/logs/Dispatcher - 29761-3448.log +0 -21
- data/spec/support/logs/Dispatcher - 29770-31902.log +0 -13
- data/spec/support/logs/Dispatcher - 29783-47589.log +0 -17
- data/spec/support/logs/Dispatcher - 29792-8436.log +0 -21
- data/spec/support/logs/Dispatcher - 29801-9350.log +0 -13
- data/spec/support/logs/Dispatcher - 339-13552.log +0 -9
- data/spec/support/logs/Dispatcher - 384-22932.log +0 -21
- data/spec/support/logs/Dispatcher - 744-9325.log +0 -9
- data/spec/support/logs/Dispatcher - 754-41076.log +0 -19
- data/spec/support/logs/Dispatcher - 763-49534.log +0 -17
- data/spec/support/logs/Dispatcher - 772-59109.log +0 -13
- data/spec/support/logs/Dispatcher - 782-41178.log +0 -9
- data/spec/support/logs/Dispatcher - 791-11829.log +0 -9
- data/spec/support/logs/Dispatcher - 800-47866.log +0 -11
- data/spec/support/logs/Dispatcher - 814-16120.log +0 -11
- data/spec/support/logs/Dispatcher - 827-2111.log +0 -35
- data/spec/support/logs/Dispatcher - 889-13083.log +0 -21
- data/spec/support/logs/Dispatcher - 898-53883.log +0 -21
- data/spec/support/logs/Dispatcher - 911-41959.log +0 -23
- data/spec/support/logs/Dispatcher - 955-24486.log +0 -19
- data/spec/support/logs/Dispatcher - 965-25535.log +0 -17
- data/spec/support/logs/Dispatcher - 974-14231.log +0 -15
- data/spec/support/logs/Dispatcher - 987-5144.log +0 -11
- data/spec/support/logs/Instance - 1343-24327.error.log +0 -328
- data/spec/support/logs/Instance - 1694-39251.error.log +0 -328
- data/spec/support/logs/Instance - 1725-15789.error.log +0 -427
- data/spec/support/logs/Instance - 1766-53560.error.log +0 -326
- data/spec/support/logs/Instance - 1773-12955.error.log +0 -328
- data/spec/support/logs/Instance - 1948-11071.error.log +0 -326
- data/spec/support/logs/Instance - 24779-49625.error.log +0 -328
- data/spec/support/logs/Instance - 25048-11380.error.log +0 -328
- data/spec/support/logs/Instance - 25080-24917.error.log +0 -427
- data/spec/support/logs/Instance - 25106-33475.error.log +0 -326
- data/spec/support/logs/Instance - 25112-54559.error.log +0 -328
- data/spec/support/logs/Instance - 25242-65202.error.log +0 -326
- data/spec/support/logs/Instance - 29009-57043.error.log +0 -328
- data/spec/support/logs/Instance - 29283-31439.error.log +0 -328
- data/spec/support/logs/Instance - 29315-55609.error.log +0 -427
- data/spec/support/logs/Instance - 29341-7004.error.log +0 -326
- data/spec/support/logs/Instance - 29347-6024.error.log +0 -328
- data/spec/support/logs/Instance - 29492-27943.error.log +0 -326
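--- a/data/modules/audit/sqli_blind_rdiff/payloads.txt
+++ b/data/modules/audit/sqli_blind_rdiff/payloads.txt
@@ -1,5 +1,5 @@
-%q% and %q%
-%q%) and %q%
-%q%)) and %q%
-%q%))) and %q%
-%q%)))) and %q%
+%q% and %q%
+%q%) and %q%
+%q%)) and %q%
+%q%))) and %q%
+%q%)))) and %q%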
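--- /dev/null
+++ b/data/modules/recon/grep/form_upload.rb
@@ -0,0 +1,61 @@
+=begin
+Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+=end
+
+# Looks for and logs forms with file inputs.
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+#
+# @version 0.1
+class Arachni::Modules::FileUpload < Arachni::Module::Base
+
+
+def run
+page.forms.each do |form|
+next if form.raw.empty?
+
+form.raw['input'].each do |input|
+next if input['type'] != 'file'
+log( match: form.to_html, element: Element::FORM )
+end
+end
+end
+
+def self.info
+description = 'Logs upload forms which require manual testing.'
+{
+name: 'Form-based File Upload',
+description: description,
+elements: [ Element::FORM ],
+author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+version: '0.1',
+targets: %w(Generic),
+references: {
+'owasp.org' => 'https://www.owasp.org/index.php/Unrestricted_File_Upload'
+},
+
+issue: {
+name: %q{Form-based File Upload},
+cwe: '200',
+description: description,
+tags: %w(file upload),
+severity: Severity::INFORMATIONAL
+},
+max_issues: 25
+}
+end
+
+
+end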
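Review bot: `form.raw['input'].each` on line 29 assumes every non-empty `raw` hash carries an `input` key; if a form's raw representation can lack it this raises NoMethodError on nil, and I cannot see how `raw` is built from here, so `Array(form.raw['input']).each do |input|` would be the defensive form. The issue is mapped to `cwe: '200'` (information exposure), which does not describe an upload form; the OWASP reference on line 46 is about unrestricted file upload, whose conventional mapping is CWE-434, i.e. `cwe: '434'`. A form with several file inputs logs one issue per input on line 31, so a `break` after `log` would keep it to one issue per form.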
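--- a/data/modules/recon/htaccess_limit.rb
+++ b/data/modules/recon/htaccess_limit.rb
@@ -17,13 +17,16 @@
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 #
-# @version 0.1.
+# @version 0.1.5
 #
 class Arachni::Modules::Htaccess < Arachni::Module::Base
 
 def run
 return if page.code != 401
-
+
+[:post, :head, :blah]. each do |m|
+http.request( page.url, method: m ) { |res| check_and_log( res ) }
+end
 end
 
 def check_and_log( res )
@@ -39,7 +42,7 @@ class Arachni::Modules::Htaccess < Arachni::Module::Base
 GET requests but allows POST.},
 elements: [ Element::SERVER ],
 author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
-version: '0.1.
+version: '0.1.5',
 targets: %w(Generic),
 references: {
 'Apache.org' => 'http://httpd.apache.org/docs/2.2/mod/core.html#limit'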
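Review bot: The module description at the second hunk still reads `GET requests but allows POST.` while `run` now also replays the URL with HEAD and with the non-standard verb `blah` (lines 27-29), so the text understates what is probed; widen it to something like `denies GET requests but allows other verbs (POST, HEAD or an arbitrary method).` Each of the three responses is passed to `check_and_log` separately, and that method's body lies outside this hunk, so if it does not de-duplicate by URL a single 401 page can produce up to three issues. Minor style point: `[:post, :head, :blah]. each` has a stray space after the dot; `[:post, :head, :blah].each do |m|`.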
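--- /dev/null
+++ b/data/modules/recon/x_forwarded_for_access_restriction_bypass.rb
@@ -0,0 +1,55 @@
+=begin
+Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+=end
+
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+# @version 0.1
+class Arachni::Modules::XForwardedAccessRestrictionBypass < Arachni::Module::Base
+
+def run
+return if ![401, 403].include?( page.code )
+http.get( page.url, headers: { 'X-Forwarded-For' => '127.0.0.1' } ) do |res|
+check_and_log( res )
+end
+end
+
+def check_and_log( res )
+return if res.code != 200
+log( { element: Element::SERVER }, res )
+print_ok "Request was accepted: #{res.effective_url}"
+end
+
+def self.info
+{
+name: 'X-Forwarded-For Access Restriction Bypass',
+description: %q{Retries denied requests with a X-Forwarded-For header
+to trick the web application into thinking that the request originates
+from localhost and checks whether the restrictions was bypassed.},
+elements: [ Element::SERVER ],
+author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+version: '0.1',
+targets: %w(Generic),
+issue: {
+name: %q{Access restriction bypass via X-Forwarded-For},
+description: %q{Access restrictions can be bypassed by tricking
+the web application into thinking that the request originated
+from localhost.},
+tags: %w(access restriction server bypass),
+severity: Severity::HIGH
+}
+}
+end
+
+end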
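Review bot: `check_and_log` (line 29) treats any 200 as a bypass, yet the 200 belongs to `res.effective_url`, which can differ from `page.url` if the client follows redirects (the print on line 31 suggests it may); a 401/403 that redirects to a login page served with 200 would then be logged as a HIGH-severity bypass. Require the final URL to be the one that was denied before logging, `return if res.code != 200 || res.effective_url != page.url`, or compare the body against the original response. The issue entry has no `cwe` or `references`; CWE-290 (Authentication Bypass by Spoofing) fits, and the module text should also spell out that a 200 here means the application trusts a client-supplied proxy header. The single fixed value `127.0.0.1` covers only one of the headers applications commonly trust (`X-Real-IP`, `X-Originating-IP`, `Client-IP`, `True-Client-IP` are the usual siblings); if they are added, send each in its own request so the logged finding names the header that worked.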
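--- a/data/plugins/http_dicattack.rb
+++ b/data/plugins/http_dicattack.rb
@@ -17,7 +17,7 @@
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 #
-# @version 0.1.
+# @version 0.1.3
 #
 class Arachni::Plugins::HTTPDicattack < Arachni::Plugin::Base
 
@@ -52,12 +52,8 @@ class Arachni::Plugins::HTTPDicattack < Arachni::Plugin::Base
 print_status "Maximum number of requests to be transmitted: #{total_req}"
 
 @users.each do |user|
-url.user = user
-
 @passwds.each do |pass|
-url.password
-
-http.get( url.to_s ).on_complete do |res|
+http.get( url.to_s, username: user, password: pass ).on_complete do |res|
 next if @found
 
 print_status "Username: '#{user}' -- Password: '#{pass}'"
@@ -68,7 +64,8 @@ class Arachni::Plugins::HTTPDicattack < Arachni::Plugin::Base
 print_ok "Found a match. Username: '#{user}' -- Password: '#{pass}'"
 print_info "URL: #{res.effective_url}"
 
-framework.opts.
+framework.opts.http_username = user
+framework.opts.http_password = pass
 
 # register our findings...
 register_results( username: user, password: pass )
@@ -100,7 +97,7 @@ class Arachni::Plugins::HTTPDicattack < Arachni::Plugin::Base
 framework-wide and used for the duration of the audit.
 If that's not what you want set the crawler's link-count limit to "0".},
 author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
-version: '0.1.
+version: '0.1.3',
 options: [
 Options::Path.new( 'username_list', [true, 'File with a list of usernames (newline separated).'] ),
 Options::Path.new( 'password_list', [true, 'File with a list of passwords (newline separated).'] )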
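Review bot: The `next if @found` guard on line 57 lives inside `on_complete`, so the new `http.get( url.to_s, username: user, password: pass )` on line 56 is still issued for every user × password combination before any response is seen; once the queue runs, a match does not stop the remaining attempts from reaching the target. If the client flushes per `http.run` (not visible in this hunk), checking `@found` before the call — `next if @found` as the first line of the `@passwds.each` block, with a run per user — would bound the traffic; otherwise `total_req` is the only ceiling. Separately, `print_status` on line 59 echoes every candidate password at status level, so scan output and any captured log contain the whole wordlist next to the winning pair; printing the username only, or demoting that line to debug, keeps the password out of routine logs.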
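--- /dev/null
+++ b/data/plugins/redundant_vectors.rb
@@ -0,0 +1,34 @@
+class Arachni::Plugins::RedundantVectors < Arachni::Plugin::Base
+
+def run
+@filter = Arachni::Support::LookUp::HashSet.new
+
+Arachni::Element::Capabilities::Auditable.skip_like do |element|
+next false if element.altered.to_s.empty?
+
+id = get_id( element )
+
+if @filter.include? id
+print_info "Skipping: #{element.altered}"
+true
+else
+@filter << id
+false
+end
+end
+end
+
+def get_id( element )
+"#{element.auditor.class}:#{element.altered}"
+end
+
+def self.info
+{
+name: 'Redundant vectors',
+description: %q{Prevents vectors with the same name from being audited more than once.},
+author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
+version: '0.1'
+}
+end
+
+end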
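Review bot: `get_id` (line 22) keys only on the auditing module and the parameter name, so once `id` has been audited on one page every other `id` — on any other page, form, cookie or header — is skipped for that module; that is the stated intent, but it is a deliberate coverage loss and the description on line 28 should say so, e.g. `%q{Prevents vectors with the same name from being audited more than once, regardless of the page or element type they appear in; this cuts requests at the cost of missing vulnerabilities that only affect one of the instances.}`. Adding the element type to the key (if the element exposes one) would at least stop a cookie and a link parameter that share a name from being conflated. This file also lacks the Apache 2.0 `=begin … =end` header and the `@author`/`@version` comment that every other module and plugin in this release carries, and `get_id` is an internal helper that belongs under `private`.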
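--- a/data/reports/html/default/issues.erb
+++ b/data/reports/html/default/issues.erb
@@ -15,9 +15,9 @@
 These issues are considered trusted and fairly accurate.
 </blockquote>
 
-<% if
+<% if filtered_hashes.any? %>
 <% auditstore.issues.each_with_index do |issue, i|%>
-<% next if
+<% next if issue.untrusted? %>
 
 <%= erb :issue, { :idx => i+1, :issue => issue, :crypto_issues => crypto_issues } %>
 <% end %>
@@ -37,27 +37,12 @@
 The listed issues need verification by a human.
 </blockquote>
 
-<% if
-
-
-<% anomalous_meta_results.each_pair do |name, data|%>
-<li><a href="#<%=name%>"><%=data[:name]%></a></li>
-<% end %>
-</ul>
-
-
-<% anomalous_meta_results.each_pair do |name, data|%>
-<div id="<%=name%>">
-<h3>Component description:</h3>
-<blockquote> <%=data[:description]%> </blockquote>
-<br/>
-<% data[:results].each do |issue| %>
-<%= format_issue( issue['hash'] ) %>
-<% end %>
-</div>
-<% end %>
+<% if anomalous_hashes.any? %>
+<% auditstore.issues.each_with_index do |issue, i|%>
+<% next if issue.trusted? %>
 
-
+<%= erb :issue, { :idx => i+1, :issue => issue, :crypto_issues => crypto_issues } %>
+<% end %>
 <% else %>
 <p class="notice">No untrusted issues have been logged.</p>
 <% end %>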
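Review bot: In both hunks the section guard and the loop filter draw on different sources — `filtered_hashes.any?` and `anomalous_hashes.any?` decide whether the section renders, while the loop over `auditstore.issues` drops entries by `issue.untrusted?` / `issue.trusted?` (lines 18-20 and 40-42). If those two views of the store can ever disagree (not visible from here) a section renders empty without the "No … issues have been logged" notice, or the notice appears although matching issues exist. Guarding on the same predicate the loop uses, `<% if auditstore.issues.any?(&:trusted?) %>` and `<% if auditstore.issues.any?(&:untrusted?) %>`, keeps the template self-consistent and removes its dependence on the two helper hashes.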
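--- a/data/reports/stdout.rb
+++ b/data/reports/stdout.rb
@@ -23,7 +23,7 @@
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
 #
-# @version 0.2.
+# @version 0.2.4
 #
 class Arachni::Reports::Stdout < Arachni::Report::Base
 
@@ -159,7 +159,7 @@ class Arachni::Reports::Stdout < Arachni::Report::Base
 name: 'Stdout',
 description: %q{Prints the results to standard output.},
 author: 'Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>',
-version: '0.2.
+version: '0.2.4'
 }
 end
 
@@ -172,7 +172,7 @@ class Arachni::Reports::Stdout < Arachni::Report::Base
 print_info "Variation #{i+1}:"
 print_info "URL: #{var['url']}"
 print_info "ID: #{var['id']}" if var['id']
-print_info "Injected value: #{var['injected']}" if var['injected']
+print_info "Injected value: #{var['injected'].inspect}" if var['injected']
 print_info "Regular expression: #{var['regexp']}" if var['regexp']
 print_info "Matched string: #{var['regexp_match']}" if var['regexp_match']
 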
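Review bot: `.inspect` is now applied to the injected value on line 175 but not to `var['regexp_match']` on line 177, which is a slice of the target's response body and therefore attacker-controlled; printed raw, a hostile page can push ANSI escape sequences or line breaks into the operator's terminal and into captured logs. Apply the same escaping there: `print_info "Matched string: #{var['regexp_match'].inspect}" if var['regexp_match']`. `var['url']` on line 173 also originates from the crawled site and deserves the same treatment.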
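--- a/data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb
+++ b/data/spec/arachni/element/capabilities/auditable/rdiff_spec.rb
@@ -10,8 +10,9 @@ describe Arachni::Element::Capabilities::Auditable::RDiff do
 describe '#rdiff_analysis' do
 before do
 @opts = {
-
-
+pairs: [
+{ 'good' => 'bad '}
+]
 }
 @params = { 'rdiff' => 'blah' }
 issues.clear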
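Review bot: The new pair `{ 'good' => 'bad '}` on line 14 carries a trailing space inside `'bad '` that reads like a typo; if the space is what the support server (changed in another file) keys on, a one-line comment would stop the next editor from "fixing" it, e.g. `# trailing space in 'bad ' is deliberate — it is the input the test server treats as the failing case`. If it is not deliberate, drop it. The enclosing `before` block and `describe` continue outside this hunk.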
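--- a/data/spec/arachni/http_spec.rb
+++ b/data/spec/arachni/http_spec.rb
@@ -75,7 +75,6 @@ describe Arachni::HTTP do
 end
 end
 
-
 describe 'Arachni::Options#url' do
 context 'when the target URL includes auth credentials' do
 it 'uses them globally' do
@@ -101,6 +100,33 @@ describe Arachni::HTTP do
 end
 end
 
+describe 'Arachni::Options#http_username and Arachni::Options#http_password' do
+it 'uses them globally' do
+url = web_server_url_for( :http_auth )
+@opts.url = url.to_s
+
+Arachni::Options.http_username = 'username1'
+Arachni::Options.http_password = 'password1'
+@http.reset
+
+# first fail to make sure that our test server is actually working properly
+code = 0
+@http.get( @opts.url + 'auth' ) { |res| code = res.code }
+@http.run
+code.should == 401
+
+Arachni::Options.http_username = 'username'
+Arachni::Options.http_password = 'password'
+@http.reset
+
+response = nil
+@http.get( @opts.url + 'auth' ) { |res| response = res }
+@http.run
+response.code.should == 200
+response.body.should == 'authenticated!'
+end
+end
+
 describe 'Arachni::Options#user_agent' do
 it 'uses the default user-agent setting' do
 body = nil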
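Review bot: The new example assigns `Arachni::Options.http_username`/`http_password` globally (lines 108-109 and 118-119) and never clears them, so the working `'username'`/`'password'` pair remains in effect for every later example in this file, starting with the `Arachni::Options#user_agent` group that follows, and any test that expects unauthenticated requests will silently send Basic credentials. Unless a spec-wide `after` hook resets `Arachni::Options` (not visible here), add one to this describe: `after { Arachni::Options.http_username = nil; Arachni::Options.http_password = nil; @http.reset }`. The failing-credentials probe before the positive check is a good control and worth keeping.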
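--- /dev/null
+++ b/data/spec/modules/audit/source_code_disclosure_spec.rb
@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+describe name_from_filename do
+include_examples 'module'
+
+def self.targets
+%w(PHP JSP ASP)
+end
+
+def self.elements
+[ Element::FORM, Element::LINK, Element::COOKIE, Element::HEADER ]
+end
+
+def issue_count_per_element
+{
+Element::FORM => 2,
+Element::LINK => 4,
+Element::COOKIE => 1,
+Element::HEADER => 2
+}
+end
+
+easy_test
+end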